Using MD5 in certificates is well and truly broken

A nice description of Certificate Authorities and the web of trust, along with details on how researchers broke it in the case of MD5-signed certificates.

Theoretical attacks yield practical attacks on SSL, PKI: “In so doing they showed once and for all that the theoretical attack had practical value; chosen prefixes are enough to undermine systems built using MD5.”

